Skip to main content

Overview

The Iqra AI API uses API key authentication to secure all endpoints. You must include your API key in the Authorization header of every request.

Authentication method

All API requests must include an API key in the Authorization header using the Token scheme: 
Authorization: Token YOUR_API_KEY

Creating an API key

You can create API keys through the Iqra AI dashboard:
  1. Navigate to the API Keys section in your account settings
  2. Click “Create New API Key”
  3. Configure the following settings:
FriendlyName
string
required
A descriptive name for the API key to help you identify its purpose
RestrictedBusinessIds
array
Optional list of business IDs to restrict this API key’s access. If not specified, the key can access all your businesses.
AllowUserManagementApiRequests
boolean
required
Whether this API key can be used for user management endpoints

Authentication validation

When you make an API request, the system validates:
  • API key validity: The key must exist and be active
  • Business restrictions: If the key has business restrictions, it can only access those specific businesses
  • User permissions: The user associated with the API key must not be disabled
  • Business permissions: The target business must not be disabled and you must have appropriate access

Example request

curl https://api.iqra.ai/api/v1/business/12345 \
  -H "Authorization: Token sk_live_abc123xyz789"

Error responses

If authentication fails, you’ll receive a response with Success: false and an error code:
Success
boolean
Will be false for authentication errors
Code
string
Error code indicating the type of failure (e.g., INVALID_API_KEY, PERMISSION_DENIED)
Message
string
Human-readable error message describing what went wrong

Common authentication errors

CodeDescription
INVALID_API_KEYThe API key is invalid or has been revoked
PERMISSION_DENIEDThe API key doesn’t have access to the requested resource
USER_DISABLEDThe user account associated with the API key is disabled
BUSINESS_DISABLEDThe business you’re trying to access is disabled

Security best practices

Never share your API keys or commit them to version control. Treat them like passwords.
  • Store API keys securely using environment variables or a secrets manager
  • Use different API keys for different environments (development, staging, production)
  • Restrict API keys to specific businesses when possible
  • Rotate API keys periodically
  • Delete unused API keys immediately
  • Monitor API key usage for suspicious activity

Rate limiting

API requests are subject to rate limiting to ensure fair usage. If you exceed the rate limit, you’ll receive a 429 Too Many Requests response. Contact support if you need higher rate limits for your use case.

Build docs developers (and LLMs) love

Get started for freeTalk to us